Secure FTP options?

I have tried to establish a secure FTP connection to my ISPConfig managed server but to no avail:

- if I tell Filezilla to use "plain FTP" everything works as it should
- if I set Filezilla to use "explicit FTP over TLS" it connects but shortly afterwards the connection times out with the message "failed to retrieve directory listing"
- setting Filezilla to use "implicit FTP over TLS" does not connect at all - "Connection attempt failed with "ECONNREFUSED - Connection refused by server" - although I have opened ports 989 and 990 on the firewall (bastille)

If you run a firewall on your Linux server and want to use passive FTP connections, you have to define the passive port range in pure-ftpd and your firewall to ensure that the connections dont get blocked. The following example is for pure-ftpd on Debian or Ubuntu Linux and ISPConfig 3:

I need one more thing though in order to better secure pure-ftpd, and that is to set it to accept only SSL/TLS authentication. Where/how can I set the --tls switch in order to achieve that?
I have looked in the start-script of pure-ftpd but I'm not sure what to do.

I have the same question - how to enforce SSL/TLS connections for pure-ftpd.
I've made a guess and tried "echo 2 > /etc/pure-ftpd/conf/TLS" then restarted.
But the server still responds to a normal FTP client (Mac OSX) on the usual port number, so it seems to be a clear-text connection.
Thanks for any advice.

When I connect to my server using the Mac ftp client, I get this:
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 13:13. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
421 Sorry, cleartext sessions are not accepted on this server.
ftp: Login failed
ftp>

I've tried 2 different Mac clients which support FTPS - Fetch and Viper. Neither of them work in SSL/TLS mode.

I've opened ports 20 and 21, also 989 and 990 (the official FTPS ports) on the firewall.

Still can't get any success with other Mac clients - Transmit and RBrowser - which are listed supposed to be compatible according to:http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS
Maybe there's a certificate issue, but I've followed those instructions too, and in any case there is no message from any client about any certificate issue. So I'm at a complete loss.

If not with FTP what other secure method is available for ISPconfig clients to manage files on their websites?

1) The documentation is complete, it configures FTP to allow connections with and without TLS. Enforcing TLS might be fine for your own purpose but that's nothing to be enforced in general as this would lead to many complaints when software without TLS support is used for an FTP connection. I verified that on the server that's is the exact copy/paste version of the tutorial, connections with and without TLS are working out of the box when you followed the perfect server guide.
3) FTP connections are working fine in both modes and you don't need a VPN. All you have to do is to ensure that the passive port range of your FTP client http://www.faqforge.com/linux/contr...ange-in-pure-ftpd-on-denian-and-ubuntu-linux/ matches the passive port range that you opened for FTP in your firewall.